Mozilla defaults Tracking Protection for Firefox developer builds, but only for private browsing

Pre-beta versions of Firefox will block domains known to track users by default when a private browser window is opened.

After remaining hidden behind an about:config flag for some time, Mozilla has moved Tracking Protection into Firefox's developer release channel.

But rather than have the feature available in regular browsing windows, Tracking Protection is only enabled by default in private browsing windows.

"Our hypothesis is that when you open a Private Browsing window in Firefox, you're sending a signal that you want more control over your privacy than current private browsing experiences actually provide," Mozilla said in a blog post. "The experimental Private Browsing enhancements ready for testing today actively block website elements that could be used to record user behaviour across sites."

As enabling Tracking Protection can hinder the rendering of some web pages, users are able to turn off the feature on a per-site basis, but only for the current browsing session.

"Since Private Browsing mode doesn't keep any information about your browsing session, when you disable Tracking Protection for a site, it only lasts for the session. When you start a new Private Browsing session, Tracking Protection will be turned on for all sites," Mozilla said on a support page.

Firefox users are able to manually turn on Tracking Protection by going to about:config and toggling the privacy.trackingprotection.enabled flag.

Mozilla has three release channels for Firefox: aurora/developer channel for pre-beta testing; a beta channel; and its final release channel. Features added to aurora typically take three months -- two six-week release cycles -- to become available in the general release of Firefox, if no issues are found during testing.

Earlier this month, Firefox users were urged to upgrade to Firefox 39.0.3 and higher after it was discovered that malicious advertisements were exploiting a vulnerability in Firefox's PDF Viewer to search for sensitive files on users' local file systems.

"The vulnerability does not enable the execution of arbitrary code, but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files," Mozilla security lead Daniel Veditz said in a blog post.